Difference between revisions of "Authentication"

From MgmtWiki
(Solution)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
The process of determining who a user is.
+
The process of determining that a user is who they say they are.
  
 
==Context==
 
==Context==
Line 9: Line 9:
  
 
==Solution==
 
==Solution==
Abandon the use of the term Authentication.
+
Restrict the use of the term Authentication to the process between a user asserting an [[Identifier]] and the web site accepting that identifier use as valid.
 +
 
 +
NIST has created an [https://csrc.nist.gov/publications/detail/nistir/8344/draft Ontology of Authentication] (NISTIR 8344) that inserts Authentication between Identification and Authorization, which seems reasonable.
  
 
==Reverences==
 
==Reverences==
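
Review bot: The added NIST sentence in the Solution section links to a URL ending in /draft while stating that NIST "has created" the ontology; say in the text that NISTIR 8344 is a draft so readers do not take it as a final publication. In the other added sentence, "accepting that identifier use as valid" reads as if a word is missing; "accepting the use of that identifier as valid" would be clearer. The unchanged heading ==Reverences== at the end of this hunk looks like a misspelling of References and could be corrected in the same revision.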

Latest revision as of 12:18, 19 February 2021

Full Title or Meme

The process of determining that a user is who they say they are.

Context

In the early days of computer networking it was convenient to distinguish the process of identification of a user from the process of determining the Authorization of what resources that user could access.

Problems

There are multiple processes that can be used to attach identity to the user trying to access a computer resource. After many years of trying to define the terms used in the previous sentence[1], it has become clear that the sentence does not carry sufficient information to determine what it means.

Solution

Restrict the use of the term Authentication to the process between a user asserting an Identifier and the web site accepting the use of that identifier as valid.

NIST has created an Ontology of Authentication (NISTIR 8344) that inserts Authentication between Identification and Authorization, which seems reasonable.

References

  1. NIST Digital Identity Guidelines https://doi.org/10.6028/NIST.SP.800-63-3